Closed Bug 335335 Opened 18 years ago Closed 18 years ago

Fix string URI consumers to use CheckLoadURIStr

Categories

(SeaMonkey :: General, defect)

x86
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: bzbarsky, Assigned: csthomas)

References

Details

Attachments

(1 file, 1 obsolete file)

At least the following consumers in Seamonkey code use CheckLoadURI for strings, which we've discovered (in bug 334341) is unsafe:

<method name="onLinkAdded"> in tabbrowser.xml

These should probably be switched to CheckLoadURIStr or something...  And other consumers of CheckLoadURI should be checked over.
Flags: blocking-seamonkey1.1a?
Flags: blocking-seamonkey1.0.2?
We certainly want this fixed for any upcoming release, esp. security releases :)
Flags: blocking-seamonkey1.1a?
Flags: blocking-seamonkey1.1a+
Flags: blocking-seamonkey1.0.2?
Flags: blocking-seamonkey1.0.2+
http://developer.mozilla.org/en/docs/Safely_loading_URIs has some information about this. Basically, everything that ends up loading URIs via a docshell should use checkLoadURIStr instead of checkLoadURI to ensure that the fixed up URI is also checked.
Attached patch patch (obsolete) — Splinter Review
My best guess (well, the other option is to pass href directly, but if we use the uri for the load, might as well use its spec).
Attachment #221771 - Flags: review?(neil)
Attached patch v2Splinter Review
Assignee: general → cst
Attachment #221771 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #221776 - Flags: review?(bzbarsky)
Attachment #221771 - Flags: review?(neil)
Comment on attachment 221776 [details] [diff] [review]
v2

I'm not a peer for this code.  Please don't ask me for review on UI patches, in general...
Attachment #221776 - Flags: review?(bzbarsky)
(In reply to comment #2)
>Basically, everything that ends up loading URIs via a docshell should use
>checkLoadURIStr instead of checkLoadURI
Except this URI isn't loading via a docshell, it's the source of an image.
bz: feel free to reopen if I've misunderstood this bug.
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
No, if this is loading an image then it's fine.
Attachment #221776 - Flags: review?(neil)
Group: security
Flags: blocking-seamonkey1.1a+
Flags: blocking-seamonkey1.0.2+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: